 All right, sorry to take it from the difficulty, but I promise you that this is worth your while. You can show your, show your coworkers, do something, basically generate work for yourself, but there's no way I'll hold you off to it. Just to be sure. That's cool. That's actually really cool. That's not what I wanted to show you, but that was still cool. That's not what I wanted to show you. So, I'm just to be sure, because maybe some of you already heard of this, does anyone know about the instances? I'm just going to tell you about the HTTP header and the website. HTTP headers, content security policies, anyone you agree with that know what that is? You do, you win. Have you implemented it on your site? No, you haven't, because you think it's hard, right? It's really hard. It's not that easy, but you can do it. I'm not going to tell you how to do that right now, but I'm going to tell you how you can allocate your boss to allocate time to do that. Okay, so, I work on this, which you might know. You know, I work on an 18-year-old Perl application written by Sissibons. The internet is not arguing. Fantastic. Well, there's a bunch of insights. So I work on an 18-year-old Perl application. I use CGI.pm. I also, a co-worker of mine works on this other website that you should write down. You should go to observatory.mozilla.org, put in the URL to your bank, all right? And go there. And it will give your bank a letter grade, your bank's website a letter grade. I almost guarantee you your bank will give an X, okay? Most applications will give an X. This is a subjective, arbitrary, not exactly fair rating system, but it is meant to cause you to do things that are secure. One of the things it will cause you to do is implement content security policy if you want a really high ranking. Also, make sure you're not using cookies that are not session specific and some other things. And I would love to show it to you right now. My bank gets an F. 
Some better sites actually manage to get like a D minus. However, the site that I maintain, which is the Bugzilla install that runs the Mozilla, gets an A minus. So my 18-year-old, 20-year-old Perl application using CGI.pm gets a better security rating than, like, a handful of other things, including possibly more important things like my bank. We don't have internet, so I can't show. But anyway, so what you should do is scan your own site, tell your boss that you need to do something to do this, and then hopefully, at the next Perl conference, I will give you a module that you can use for defining a content security policy on a per-page basis. Oh, awesome. So this is my help. I mean, is this being recorded? That's good. So that's my help. This is a coworker's project. I can spell. People are just wider than it needs to be. Oh, yeah. That's how we know it. So it looks almost like I was writing in perhaps Polish. It's also a scheme. No offense. I don't think it's... I just came from a key signing party, so I have to read the documents for names. Okay, so I'm just going to pick Brussels.b. That's an equal sign, and I have to enter. And I have no idea what this is going to be. It's never been scanned before, so we'll see. If it's been scanned before, we actually hash the results and you get it. Is this SSL checking? It's going to check SSL. It's going to check a bunch of headers. It's manipulating the splines now. There you go. So Brussels.b is the map. That's why it's a map. Okay, so no content security policy. So the cross-site protection things are intact. Cookies are not set with the Secure flag so you can get them over plain HTTP. Cross-origin resource sharing is not disabled. No public key pinning, no strict transport security. A redirect with the final destination is not HTTPS. It doesn't have a referrer policy. It doesn't use sub-resources. All these things are things you're meant to look up by the way, if you don't know what they are. 
It's basically none of those things. I'm intrigued what this is scanning. What? TV Sliver.me. I want to do one more. I want to be on my side. I want to see how you can be slightly better. Yeah, it's a special kind of special kind of thing. I love this. It's a must. Alright, meanwhile. That is my side. I'm not my side forever. I've been working on this for three years. But I have a freaking A plus. Bugzilla is pretty old. It's using CGI.pm. But I can do this. And actually I don't have this on every page. But I have this on the most vulnerable pages. So you too can do this. Meanwhile, not that I have no problem with JIRA, but that's not that you're on. So Mozilla, most of the people have switched from using Mozilla to using something else. And JIRA is quite popular. You know, written in Java. But I like this. So that's, is it not wrong? I can do stuff. Meanwhile, people are using the UK 24 using A plus. But they have a team of a lot of people. I have a team of me and my coworker. Even if you don't have a lot of resources on yourself, you can probably refer to this. And as you guys in the movie, we can say, hey, more profile sites to get the high security. So here's another system I too will be that we can gain. So gain the system. There you go. Yes? Yeah, that was me just now. And you get an F. Considering I'm running a WordPress site, I'm actually running it. It didn't get an F minus. We got it before. Yeah.